Docker wants to manage the full lifecycle of processes running inside one if its containers, which makes it important for CRIU and Docker to work closely together when trying to checkpoint and restore a container. This is being achieved by adding the ability to checkpoint and restore directly into Docker itself, powered under the hood by CRIU. This integration is a work in progress, and its status will be outlined below.

The easiest way to try CRIU and Docker together is to install this pre-compiled version of Docker. It's based on Docker 1.10, and built with the DOCKER_EXPERIMENTAL build tag.

To install, download the docker-1.10.0-dev binary to your system. You'll need to start a docker daemon from this binary, and then you can use the same binary to communicate with that daemon. To start a docker daemon, run a command something like this:

In addition to downloading the binary above (or compiling one yourself), you need CRIU installed on your system, with at least version 2.0. You also need some shared libraries on your system. The most likely things you'll need to install are libprotobuf-c and libnl-3. Here's an output of ldd on my system:

Creating a checkpoint is a top level Docker command with this new version of Docker. Here's an example that simply logs an integer in a loop. From this point forward, commands are show using docker instead of docker-dev-1.10, but if you have not installed this version globally you can use the latter.

Beyond the straightforward case of checkpointing and restoring the same container, it's also possible to checkpoint one container, and then restore the checkpoint into a completely different container. Right now that is done with the --force option, in conjunction with the --image-dir option. Here's a slightly revised example from before:

More detailed instructions on running checkpoint/restore with Docker in version 1.12 will be coming in the future, but in the meantime, you must build the version of Docker available in the docker-checkpoint-restore branch of Boucher's fork of Docker, available here. Make sure to build with the env DOCKER_EXPERIMENTAL=1.

The command line interface has changed from the 1.10 version. docker checkpoint is now an umbrella command for a few checkpoint operations. To create a checkpoint, use the docker checkpoint create command, which takes container_id and checkpoint_id as non-optional arguments. Example:

docker checkpoint create my_container my_first_checkpoint

Restoring a container is now performed just as an option to docker start. Although typically you may create and start a container in a single step using docker run, under the hood this is actually two steps: docker create followed by docker start. You can also call start on a container that was previously running and has since been stopped or killed. That looks something like this:

CRIU has already been integrated into the lower level components that power Docker, namely runc and containerd. The final step in the process is to integrate with Docker itself. You can track the status of that process in this pull request.

The latest versions of the Docker integration require at least version 2.0 of CRIU in order to work correctly. Additionally, depending on the storage driver being used by Docker, and other factors, there may be other compatibility issues that will attempt to be listed here.

There is a bug in OverlayFS that reports the wrong mnt_id in /proc/<pid>/fdinfo/<fd> and the wrong symlink target path for /proc/<pid>/<fd>. Fortunately, these bugs have been fixed in the kernel v4.2-rc2. The following small kernel patches fix the mount id and symlink target path issue: